#scheme #signature-scheme #hash #sign #public-key #merkle-tree #command-line-tool

bin+lib hash-based-signatures

A command-line tool to sign arbitrary files using hash-based signatures

1 unstable release

0.1.0 Nov 2, 2022

#2651 in Cryptography

MIT license

515KB
1.5K SLoC

Rust 1K SLoC // 0.0% comments JavaScript 299 SLoC // 0.2% comments Shell 9 SLoC

Hash-based signatures

A Rust implementation of hash-based signatures.

Disclaimer: This repository is a toy project to play around with Rust and cryptographic primitives. It implements some ideas of Chapter 14 of "A Graduate Course in Applied Cryptography" by Dan Boneh and Victor Shoup.

Hash-based signatures - unlike signature schemes based on RSA or ECC - do not rely on number-theoretic assumptions that are known to be broken by Quantum computers.

Stateless many-time signature schemes can be built in a three-step process:

  1. A one-time signature scheme can be built purely from hash functions.
  2. From there, we build an indexed signature scheme. Using a Merkle tree, the otherwise very large public key can be reduced to a single hash (at the expense of a larger signature).
  3. Finally, Merkle signatures build a tree of indexed signature schemes.

Command line tool

Install Rust and run:

$ cargo install hash-based-signatures

This gives you a command-line tool that lets you generate keys, sign files, and validate signatures:

To get started with signature verification, check out the example!

To sign files, run:

$ cargo run -- key-gen

This will create a .private_key.json in your working directory and print the corresponding public key. Keep it private!

To sign a file, make sure that you have a .private_key.json in your working directory and run:

$ cargo run -- sign example/readme.md

Web app

Last but not least, signatures can also be verified using a web app, based on a Web Assembly compilation of the code:

https://georgwiese.github.io/hash-based-signatures/

Dependencies

~16MB
~372K SLoC